Welcome back to the Trident Radar!
It’s the first week of December and that means one thing… The November Roundup.
If October was the month big capital roared back, November was the month the market rebalanced. Deal count dropped, but the quality went up. Investors doubled down on AI-native defensive platforms, identity innovation accelerated, OT and industrial security marched forward, and M&A activity signalled that consolidation season is far from over.
But the biggest story?
Security is shifting from “What happened?” to “Who (or what) is taking this action?”. This is a huge reflection of AI agents, synthetic identities, and non-human workloads becoming the fastest-growing risk surface.
Let's dive in.
Trident Talks!
In this episode of Trident Talks, Rosie Larter sits down with Idan Gour, Co-Founder and CTO of Astrix Security, to unpack how the NHI category has evolved - and why it’s accelerating again with the rise of AI agents.
November Overview
AI Identity Takes Centre Stage: Identity once meant employees and contractors; now it spans AI agents, synthetic accounts, ephemeral services, and machine-to-machine workflows. Investors responded decisively: Opti, Hush Security, Verisoul, and UnCognito all raised capital to tackle non-human identity verification, fraud detection, and AI-driven access governance.
AI-Native Security Firms Dominate Seed Rounds: Seed-stage activity skewed almost entirely to agentic SOC tooling, autonomous detection engineering, and AI-driven cloud defence. Platforms capable of generating detections, triaging alerts, or hardening cloud workloads without human babysitting stood out.
Major Platforms Resume Buying Sprees: LevelBlue’s buyout of Cybereason, Wallix’s acquisition of Malizen, Allurity’s latest roll-up, and Redsquid’s continued expansion all highlight a clear trend: mid-market and enterprise buyers want consolidated suites with identity, detection, and visibility in one operational envelope.
OT & Industrial Deals Quiet But Meaningful: While November wasn’t packed with OT megadeals, the moves from Westermo, Ependion, and industrial network players earlier in the quarter set the tone. Vendors that can operate across both IT and OT stacks are gaining strategic advantage and investors are noticing.
Fraud, Abuse & User Authenticity Move Into Cyber Territory: Fake accounts, synthetic IDs, and AI-generated behaviour are no longer just fintech or marketplace problems. They’re now core security concerns. Verisoul’s early-stage traction underscored this shift.
M&A Volume Steady, Strategy Deepens: Fewer giant headline deals than October but sharper intent. Acquisitions targeted:
identity + detection fusion
SOC data visualisation
managed cyber capabilities
cyber insurance distribution
regional MSSP consolidation
Quality > quantity.
Deals of the Month
Opti – Seed / Early – $15.2M raised to date – AI-Native Identity Governance
Hush Security – Early Stage – $8.15M raised – IAM & AI Security for Distributed Systems
Verisoul – Seed / Early – $8.56M raised – Fake Account Defense & Synthetic Identity Detection
SpaceComputer – Seed – $7.61M raised – Blockchain Infrastructure Security
Blast Security – Seed – $2.34M raised – Cloud Security & Runtime Guardrails
Clover – Early VC – $27.38M raised – Secure-by-Design Platform for Developers
UnCognito – Early Stage – $5.4M raised – Fraud Prevention & AI-Driven Risk Detection
detections.ai – Seed – $3.5M – AI Detection Engineering Platform
Cybereason – Buyout (LevelBlue) – EDR → XDR → MSSP Consolidation
Major M&A
LevelBlue → Cybereason (Buyout) - A major endpoint consolidation event. Cybereason’s $724M+ funding trail makes this one of the most talked-about buyouts of 2025. Expect deeper XDR + MSSP convergence in 2026.
Wallix Group → Malizen (Acquisition) - Identity vendor Wallix picks up Malizen’s SOC visualisation and analyst workflow platform. Identity + telemetry + investigation = a powerful emerging suite model.
Allurity → Monti Stampa Furrer & Partners (Buyout/LBO) - Allurity continues building a pan-European cybersecurity conglomerate. Regional MSSPs and boutique consultancies are being rolled into a centralised operating model.
Redsquid → CJAZ Consulting (Acquisition) - Further expansion into security consulting and managed services — a UK mid-market consolidation move.
Market Intel Deep Dive
The Identity Explosion: Humans, Machines & Synthetic Actors
The defining theme of November was identity, not in the traditional employee-centric sense, but in the new multi-species ecosystem of digital actors:
Employees
Contractors
SaaS apps
AI agents
LLM-assisted workflows
API chains
IoT devices
Fraudsters
Synthetic identities
Bots and autonomous scripts
Enterprises now face a fundamental challenge: “Who is doing what?” is no longer a straightforward question.
Non-Human Identity (NHI) is now a first-class attack surface
Defakto’s October round validated this, and November’s deals doubled down on it. NHI entities massively outnumber human users and usually hold more sensitive permissions.
Identity + Detection will converge into a single plane
JumpCloud’s Breez acquisition in October set the tone. Wallix acquiring Malizen reinforces it. Endpoint, identity, and SOC workflows are merging into unified operations.
User authenticity has entered core cybersecurity
Verisoul and UnCognito highlight a sharp pivot: fake users are now a security problem, not just a fraud problem.
Why this matters to CISOs
Detection is shifting toward understanding intent and authenticity, not just events.
Access governance must become real-time, contextual, and automated.
AI agents require the same lifecycle management as employees.
Fraud, growth, and security data must merge into one view.
The organisations adapting fastest are those treating identity i.e. human, machine, bot, or synthetic, as the new perimeter.
November Hiring Trends
Hiring continued at a steady clip, though more focused than October. The biggest patterns:
Account Executives dominate
Founding and 1st/2nd AE hires surged across AI security, DSPM, cloud security, agentic SOC, and identity.
Identity & data-heavy platforms hiring early GTM
Identity and DSPM-driven vendors all opened high-value AE roles.
Leadership searches in pipeline but not launched
CRO and VP Sales searches remain quieter than expected, likely Q1 2026 mandates.
US-heavy searches, Israel reaccelerating
The majority of roles remain US-focused, but Tel Aviv regained momentum, especially in AI security, cloud protection, and agentic automation startups.
Hot Jobs
Account Executive – Data Security | United States
Data protection platform — $320K OTE
Contact: [email protected]
Account Executive – Application Security
Identity-First security platform — $300K OTE
Contact: [email protected]
Enterprise AE – Resilience & IR Automation
Cybersecurity incident response management platform — $300K OTE
Contact: [email protected]
CTO x3 | USA
Contact: [email protected]
DSPM | AI-native | NYC hybrid
Offensive Security | Series B | Remote
Blockchain Security | Agentic AI | Remote
Enterprise AE | East/Central US
Agentic AI SOC platform — $350K OTE
Contact: [email protected]
DoD Account Executive | Washington DC
AI-driven GRC platform — $300K OTE
Contact: [email protected]
AE – West Coast
Series B vendor transforming reporting workflows — $310K OTE
Contact: [email protected]
AE – Central/East US
DSPM vendor in hypergrowth — $300–350K OTE
Contact: [email protected]
Ready to make your next move? These roles won't stay open long.
December Predictions
Identity will become the most-funded category of Q1 2026. Expect multiple rounds across NHI governance, AI identity protection, and fake account defense.
At least one AI SOC vendor will raise a $20–30M Series A before February. Enterprise pilots are converting fast.
A major MSP/MSSP will acquire an AI-driven detection engineering platform. The SIEM ecosystem is shifting hard.
OT cyber vendors will announce new industrial partnerships. Transport and energy remain prime targets.
Early signals show a fraud + cyber convergence wave. Expect startups to position authenticity, risk scoring, and user verification as a single stack.
📥 INBOX INTEL
Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.
Send us your tips:
Funding rounds in stealth mode
Executive movements and reorganizations
Customer wins/losses that signal market shifts
Technology partnerships before they're announced
Hiring sprees or freezes at specific companies
Email: [email protected]
All sources protected. We verify before we publish.
The Trident Radar - Intelligence that moves faster than your competition
Delivered by Trident Search Research Desk
Editor: Ryan Keeley | London